Title of invention Securing email communications
Abstract Methods and systems are provided for securing email communications. According to one embodiment, a network device receives an outbound email originated by a computing device of an internal network and directed to a target recipient. It is determined whether a domain name of the target recipient is present in a global doppelganger database. When the domain name is determined to be present in the global doppelganger database, transmission of the outbound email to the target recipient is prevented if the domain name is an unacceptable domain name and transmission of the outbound email to the target recipient is permitted if the domain name is an acceptable domain name.
Publication number US9413716(B2) Publication date 2016.08.09
Application number US201514745410 Filing date 2015.06.20
Applicant Fortinet, Inc. Inventors Windsor Carl M.;Cheng Jiandong
Classification H04L29/06;G06F17/30;H04L12/58 Main classification H04L29/06
Agency Hamilton, DeSanctis & Cha LLP Agent Hamilton, DeSanctis & Cha LLP
Principal claim 1. A method comprising: maintaining within a private network a database including information regarding each of a plurality of domains, including legitimate domains and doppelganger domains, wherein the doppelganger domains represent potential malicious domains and include one or more of a mistyped variation of a fully qualified domain name (FQDN) of a well-known domain and an FQDN spelled identically to a legitimate FQDN but without a dot between a hostname portion and a domain name portion of the legitimate FQDN, wherein the information includes an indication regarding perceived legitimacy of the domain and one or more of an indication regarding configuration status of a mail server associated with the domain, an indication of a registered owner of the domain and an indication regarding how long the domain has been registered; receiving, by an email security appliance within the private network, an outbound email message originated by a host computing system of the private network and directed to a destination external to the private network; evaluating, by the email security appliance, each of a plurality of target domains specified within a plurality of address fields of the outbound email message by accessing the database; when the indication regarding perceived legitimacy for each of the plurality of target domains identifies the target domain as acceptable to access, then allowing transmission of the outbound email message to the destination; and when the indication regarding perceived legitimacy for one or more target domains of the plurality of target domains identifies the one or more target domains as unacceptable to access, then preventing transmission of the outbound email message to the destination.
Address Sunnyvale CA US
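
The outbound check described in claim 1, sketched in Python as an added example; it is not code from the patent or from Fortinet. The database layout, field names, domains and the sample message are constructed for illustration, and treating domains absent from the database as non-blocking is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample database; every domain and field name here is hypothetical.
DOMAIN_DB = {
    "example.com":      {"acceptable": True,  "owner": "Example Corp", "age_days": 7300},
    "mail.example.com": {"acceptable": True,  "owner": "Example Corp", "age_days": 7300},
    "exampel.com":      {"acceptable": False, "owner": "unknown",      "age_days": 12},
}

def missing_dot_variant(fqdn):
    """Return fqdn with the dot between hostname and domain removed, or None."""
    host, _, domain = fqdn.lower().partition(".")
    return host + domain if "." in domain else None

def seed_doppelgangers(db):
    """Add the missing-dot form of each legitimate FQDN as an unacceptable entry."""
    seeded = dict(db)
    for fqdn, record in db.items():
        variant = missing_dot_variant(fqdn)
        if record["acceptable"] and variant and variant not in seeded:
            seeded[variant] = {"acceptable": False, "doppelganger_of": fqdn}
    return seeded

def target_domains(raw_email):
    """Collect the lower-cased domain of every address in To, Cc and Bcc."""
    msg = message_from_string(raw_email)
    domains = []
    for field in ("To", "Cc", "Bcc"):
        for _name, addr in getaddresses(msg.get_all(field, [])):
            if "@" in addr:
                domains.append(addr.rpartition("@")[2].lower())
    return domains

def evaluate(raw_email, db):
    """Return ("block", offending domains) if any listed target is unacceptable.
    Assumption: domains absent from the database do not block the message."""
    bad = sorted({d for d in target_domains(raw_email)
                  if d in db and not db[d]["acceptable"]})
    return ("block", bad) if bad else ("allow", [])

DB = seed_doppelgangers(DOMAIN_DB)
# Constructed outbound message: the Cc address dropped the dot after "mail".
SAMPLE = ("From: carol@corp.example\nTo: Alice <alice@example.com>\n"
          "Cc: bob@mailexample.com\nSubject: Q3 figures\n\nSee attached.\n")

if __name__ == "__main__":
    print(evaluate(SAMPLE, DB))
```

A single unacceptable domain in any address field blocks the whole message, which matches the claim's "one or more target domains" condition.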